01304 827609 info@use-ip.co.uk Find us

HikVision Firmware updates - backdoor exploit fully disclosed

Phil

Administrator
Staff member
Trusted Member
Messages
4,976
Points
113
It is very important to keep your camera and/or NVR firmware up-to-date.
The below link leads to a recent full disclosure of a weakness found in the firmware of HikVision devices.
The weakness was shared with HikVision back in March 2017.
HikVision released new firmware to resolve the issue.
Now, the weakness has been publicly fully disclosed:
"The vulnerability poses a severe risk. Because the vulnerability is trivial to exploit"

You must keep your firmware up-to-date to ensure maximum security against hacking etc.

Please check HikVision's European Download portal for the latest firmware version for your devices:
DOWNLOAD PORTAL


Full disclosure here:
Full Disclosure: Access control bypass in Hikvision IP Cameras

Credit to IPVM for their report & explanation:
Hikvision Backdoor Exploit
NB - this link is to subscription/membership site - Home page here for general info - IPVM Video Surveillance Information
 
Thank you for this - Can you clarify something. I have 3 sets of Hikvision cameras "DS-2CD2032-I" (taken from the Model field in config). The current firmware I have is "V5.4.0 build 160530"

If I look at their download portal I can't see any more recent firmware that would fix this problem. Your site has this 5.4.0 version as well, so ... is there no update for this model of camera to remove the exploit?

Thanks
Mike
 
Hi Mike,
The 2032 cameras are in the R0 family - the latest firmware is here (V5.4.5):
DOWNLOAD PORTAL

NB to all - we don't update our resources (their firmware downloads) here at the Forum any longer.
It pre-dates their open/public HikVision Europe download portal, which makes it a lot easier to check & get the latest firmware than it used to be previously (when you had to find and download slowly from their main website in China).
 
Last night I received my first credible confirmation of customer's HikVision IP cameras being hacked at site.
Their cameras became unresponsive, and they had to visit each camera (multiple physical sites) to regain control and resolve the issue.

The likelihood of your HikVision camera being hacked has been greatly increased by the public declaration of the issue and how it can be used.

HikVision have made the following Press Release:

Hikvision Security Advisory
Reminder to apply known vulnerability patch

Early in March, Hikvision was made aware of a vulnerability in certain IP cameras. We released a firmware update that resolves the issue. Please see the following release for detailed information on which cameras are affected and the links to the firmware update for each.

Recently, there has been a wave of cyberattacks. Updating all systems is an effective way to prevent your equipment from being vulnerable to cyberattacks. We have provided the solution and we urge all our partners and users to ensure that the firmware update is being applied to all the products. Thereby you can be sure that you are not affected.

Hikvision Europe Press Release - Security Advisory

Hikvision Europe - vulnerability declaration (March 2017)


PLEASE UPDATE YOUR HIKVISION CAMERAS & NVRs TO THE LATEST FIRMWARE VERSION
DOWNLOAD PORTAL
 
Last edited:
Our customer has kindly allowed me permission to share his words with you:

This weekend, we saw several of our cameras, which are dotted around the country and port-forwarded to the Internet, suddenly become unresponsive, so we went looking for an explanation. As you have probably guessed, that turned out to be the major security flaw in the firmware of just about every camera we have. The affected cameras had basically done a factory reset and in doing so, isolated themselves from the Internet.


Gradually, we've wrestled back control, one by one, often after travelling to the site to access the camera locally. This has cost us significantly in terms of time and travelling expense and consequently knocked our confidence in Hikvision.

If you won't take my word for it, please heed theirs.
The problem is real.
HikVision hardware is being hacked.
Please update to the latest available firmware version before you experience problems / incur additional costs / suffer reputation damage.
Even if you have updated your camera's firmware recently - please note that I have this evening (28th September) spotted a new V5.50 firmware version for HikVision's two most recent families of cameras.
HikVision V5.50 firmware for their most recent IP cameras
 
Hi, if the camera is only accessible from the internet via RSTP 554, is it still exploitable?

I'm assuming cameras on local networks, with no inbound access / port forwarding (upnp off) are secure from this exploit.
 
Hi Rob, I'm afraid I can't really give advice specific to individual use cases and configurations - I have to advise you and all customers to update your cameras to the latest firmware version (in which HikVision will have secured against all known/reported vulnerabilities to this date), sorry.
Please bear in mind that this exploit was reported and dealt with in March 2017 - it has only recently been fully publicly disclosed. Other more recent vulnerabilities are likely to have also been dealt with since.
 
Is there a new firmware for my NVR >> DS-7608NI-K28P ?
Cant see this NVR in the Download Portal.

I'm currently running > V3.4.92 build 170228

Thanks
 
help i am also been hacked all camera appaear HaCKED . my device is DS-7216HWI-SH.
what is the firmware . i can i update with the name hacked?
 
Hi, I have a DS-7208HVI-SH and can´t find firmware for this model.

Any help is greatly appreciated.
 
Back
Top